CVE-2022-28871
Denial-of-Service (DoS) Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Atlant versiones anteriores a 2022-04-12_01 por la que el componente fsicapd usado en ciertos productos de F-Secure mientras escanea paquetes/archivos de gran tamaño consume demasiada memoria, pudiendo llegar a bloquear el motor de escaneo. La explotación puede ser desencadenada remotamente por un atacante
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-08 CVE Reserved
- 2022-04-25 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.withsecure.com/en/support/security-advisories/cve-2022-28871 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F-secure Search vendor "F-secure" | Atlant Search vendor "F-secure" for product "Atlant" | - | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F-secure Search vendor "F-secure" | Atlant Search vendor "F-secure" for product "Atlant" | - | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| F-secure Search vendor "F-secure" | Atlant Search vendor "F-secure" for product "Atlant" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|